package com.example.easytts.security

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

@Configuration
@EnableWebSecurity
class SecurityConfig {
    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http
            .csrf { it.disable() }
            .authorizeHttpRequests {
                it.requestMatchers(
                    "/static/**",
                    "/", "/index.html", "/favicon.ico", "/favicon.png", "/logo.png", "/wechat-qr.png",
                    "/assets/**", "/vite.svg", "/junior.json", "/senior.json", "/primary.json",
                    "/public/**", "/resources/**", "/webjars/**",
                    "/api/auth/register", "/api/auth/login", "/api/auth/send-code", "/api/auth/verify-code", "/api/options",
                    "/api/options/voice-options",
                    "/api/tts/synthesize", "/api/tts/remaining", "/api/tts/usage-stat",
                    "/api/upload/ocr-image",
                    "/api/video/generate", "/api/video/task/**", "/api/video/test", "/api/video/upload"
                ).permitAll()
                it.requestMatchers("/api/admin/**").hasRole("ADMIN")
                it.requestMatchers("/admin/**").hasRole("ADMIN")
                it.requestMatchers("/api/**").hasAnyRole("USER", "VIP", "ADMIN")
                it.anyRequest().authenticated()
            }
            .addFilterBefore(JwtAuthFilter(), UsernamePasswordAuthenticationFilter::class.java)
        return http.build()
    }
} 